diff --git a/README.md b/README.md index 82c446d77..3b8526c42 100644 --- a/README.md +++ b/README.md @@ -158,6 +158,7 @@ There are further Services that can be switched on: * **Telegraf metrics** [details](https://github.com/rootzoll/raspiblitz/issues/1369) * **Chantools** (Fund Rescue) [details](https://github.com/guggero/chantools/blob/master/README.md) * **Suez** (Channel Visualization for LND & CL) [details](https://github.com/prusnak/suez#suez) +* **Helipad** (Podcasting 2.0 Boostagram reader) [details](https://github.com/Podcastindex-org/helipad) * **CL Spark Wallet** (WalletUI with BOLT12 offers) [details](https://github.com/shesek/spark-wallet#progressive-web-app) * **CL plugin: Sparko** (WalletUI & HTTP-RPC bridge) [details](https://github.com/fiatjaf/sparko#the-sparko-plugin) * **CL plugin: CLBOSS** (Automated Node Manager) [details](https://github.com/ZmnSCPxj/clboss#clboss-the-c-lightning-node-manager) diff --git a/home.admin/00mainMenu.sh b/home.admin/00mainMenu.sh index db34788b5..cdc388edc 100755 --- a/home.admin/00mainMenu.sh +++ b/home.admin/00mainMenu.sh @@ -141,6 +141,9 @@ fi if [ "${sphinxrelay}" == "on" ]; then OPTIONS+=(SPHINX "Sphinx Chat Relay") fi +if [ "${helipad}" == "on" ]; then + OPTIONS+=(HELIPAD "Helipad Boostagram reader") +fi if [ "${chantools}" == "on" ]; then OPTIONS+=(CHANTOOLS "ChannelTools (Fund Rescue)") fi @@ -297,6 +300,9 @@ case $CHOICE in SPHINX) sudo /home/admin/config.scripts/bonus.sphinxrelay.sh menu ;; + HELIPAD) + sudo /home/admin/config.scripts/bonus.helipad.sh menu + ;; CHANTOOLS) sudo /home/admin/config.scripts/bonus.chantools.sh menu ;; diff --git a/home.admin/00settingsMenuServices.sh b/home.admin/00settingsMenuServices.sh index e3f830817..a9416ff6b 100755 --- a/home.admin/00settingsMenuServices.sh +++ b/home.admin/00settingsMenuServices.sh 
@@ -27,6 +27,7 @@ if [ ${#chantools} -eq 0 ]; then chantools="off"; fi if [ ${#sparko} -eq 0 ]; then sparko="off"; fi if [ ${#spark} -eq 0 ]; then spark="off"; fi if [ ${#tallycoinConnect} -eq 0 ]; then tallycoinConnect="off"; fi +if [ ${#helipad} -eq 0 ]; then helipad="off"; fi if [ ${#bitcoinminds} -eq 0 ]; then bitcoinminds="off"; fi # show select dialog @@ -61,6 +62,7 @@ if [ "${lightning}" == "lnd" ] || [ "${lnd}" == "on" ]; then OPTIONS+=(y 'LND PyBLOCK' ${pyblock}) OPTIONS+=(h 'LND ChannelTools (Fund Rescue)' ${chantools}) OPTIONS+=(x 'LND Sphinx-Relay' ${sphinxrelay}) + OPTIONS+=(f 'LND Helipad Boostagram reader' ${helipad}) OPTIONS+=(d 'LND Tallycoin Connect' ${tallycoinConnect}) fi @@ -414,6 +416,21 @@ else echo "Sphinx Relay unchanged." fi +# Helipad +choice="off"; check=$(echo "${CHOICES}" | grep -c "d") +if [ ${check} -eq 1 ]; then choice="on"; fi +if [ "${helipad}" != "${choice}" ]; then + echo "Helipad setting changed .." + anychange=1 + sudo -u admin /home/admin/config.scripts/bonus.helipad.sh ${choice} + if [ "${choice}" = "on" ]; then + sudo systemctl start helipad + sudo -u admin /home/admin/config.scripts/bonus.helipad.sh menu + fi +else + echo "Helipad setting unchanged." +fi + # Tallycoin choice="off"; check=$(echo "${CHOICES}" | grep -c "d") if [ ${check} -eq 1 ]; then choice="on"; fi diff --git a/home.admin/_provision_.sh b/home.admin/_provision_.sh index e5dcecf66..a82d058a0 100755 --- a/home.admin/_provision_.sh +++ b/home.admin/_provision_.sh 
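Review bot: The new Helipad block tests the wrong checklist key: it runs `check=$(echo "${CHOICES}" | grep -c "d")`, but the entry added in the previous hunk is keyed `f` (`OPTIONS+=(f 'LND Helipad Boostagram reader' ${helipad})`). `d` is the Tallycoin key, and the Tallycoin block just below greps for the same letter. As written, ticking Tallycoin would install Helipad, which pulls in a service that is handed the LND admin macaroon, while ticking Helipad itself would do nothing. The line should read `choice="off"; check=$(echo "${CHOICES}" | grep -c "f")`.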
@@ -688,6 +688,15 @@ else echo "Sphinx-Relay - keep default" >> ${logFile} fi +# helipad +if [ "${helipad}" = "on" ]; then + echo "Helipad - run config script" >> ${logFile} + sudo sed -i "s/^message=.*/message='Setup Helipad'/g" ${infoFile} + sudo -u admin /home/admin/config.scripts/bonus/helipad.sh on >> ${logFile} 2>&1 +else + echo "Helipad - keep default" >> ${logFile} +fi + # circuitbreaker if [ "${circuitbreaker}" = "on" ]; then echo "Provisioning CircuitBreaker - run config script" >> ${logFile} diff --git a/home.admin/assets/nginx/sites-available/helipad_ssl.conf b/home.admin/assets/nginx/sites-available/helipad_ssl.conf new file mode 100644 index 000000000..b49abbd84 --- /dev/null +++ b/home.admin/assets/nginx/sites-available/helipad_ssl.conf @@ -0,0 +1,20 @@ +## helipad_ssl.conf + +server { + listen 2113 ssl; + listen [::]:2113 ssl; + server_name _; + + include /etc/nginx/snippets/ssl-params.conf; + include /etc/nginx/snippets/ssl-certificate-app-data.conf; + + access_log /var/log/nginx/access_helipad.log; + error_log /var/log/nginx/error_helipad.log; + + location / { + proxy_pass http://127.0.0.1:2112; + + include /etc/nginx/snippets/ssl-proxy-params.conf; + } + +} diff --git a/home.admin/assets/nginx/sites-available/helipad_tor.conf b/home.admin/assets/nginx/sites-available/helipad_tor.conf new file mode 100644 index 000000000..4ae9780c8 --- /dev/null +++ b/home.admin/assets/nginx/sites-available/helipad_tor.conf @@ -0,0 +1,16 @@ +## helipad_tor.conf + +server { + listen localhost:2114; + server_name _; + + access_log /var/log/nginx/access_helipad.log; + error_log /var/log/nginx/error_helipad.log; + + location / { + proxy_pass http://127.0.0.1:2112; + + include /etc/nginx/snippets/ssl-proxy-params.conf; + } + +} diff --git a/home.admin/assets/nginx/sites-available/helipad_tor_ssl.conf b/home.admin/assets/nginx/sites-available/helipad_tor_ssl.conf new file mode 100644 index 000000000..be58cb839 --- /dev/null 
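Review bot: The provisioning call points at a path that this commit does not create: `/home/admin/config.scripts/bonus/helipad.sh on` uses a slash where the script added here is `config.scripts/bonus.helipad.sh`. Because stdout and stderr both go to `${logFile}`, the failure would only show up in the log. A node re-provisioned with `helipad=on` would then come up without the service while the config still says it is on. Suggested line: `sudo -u admin /home/admin/config.scripts/bonus.helipad.sh on >> ${logFile} 2>&1`.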
+++ b/home.admin/assets/nginx/sites-available/helipad_tor_ssl.conf @@ -0,0 +1,19 @@ +## helipad_tor_ssl.conf + +server { + listen localhost:2115 ssl; + server_name _; + + include /etc/nginx/snippets/ssl-params.conf; + include /etc/nginx/snippets/ssl-certificate-app-data-tor.conf; + + access_log /var/log/nginx/access_helipad.log; + error_log /var/log/nginx/error_helipad.log; + + location / { + proxy_pass http://127.0.0.1:3010; + + include /etc/nginx/snippets/ssl-proxy-params.conf; + } + +} diff --git a/home.admin/config.scripts/bonus.helipad.sh b/home.admin/config.scripts/bonus.helipad.sh new file mode 100644 index 000000000..3e57548ba --- /dev/null +++ b/home.admin/config.scripts/bonus.helipad.sh 
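Review bot: In `helipad_tor_ssl.conf` the upstream is `proxy_pass http://127.0.0.1:3010;`, which does not match the port Helipad is started on. `helipad_ssl.conf` and `helipad_tor.conf` both proxy to `127.0.0.1:2112`, and `HELIPAD_HTTP_PORT=2112` in the install script. As written, the listener on 2115 would forward to whatever else is bound to 3010 on the node, or fail if nothing is. This looks like a leftover from the file it was copied from; it should be `proxy_pass http://127.0.0.1:2112;`.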
@@ -0,0 +1,270 @@ +#!/bin/bash + +#https://github.com/Podcastindex-org/helipad +HELIPAD_VERSION="v0.1.8" +HELIPAD_USER=helipad +HELIPAD_HOME_DIR=/home/$HELIPAD_USER +HELIPAD_DATA_DIR=/mnt/hdd/app-data/helipad +HELIPAD_BUILD_DIR=$HELIPAD_HOME_DIR/helipad +HELIPAD_RELEASE_URL="https://github.com/Podcastindex-org/helipad/archive/refs/tags/$HELIPAD_VERSION.tar.gz" +HELIPAD_DB=$HELIPAD_DATA_DIR/database.db +HELIPAD_HTTP_PORT=2112 +HELIPAD_HTTPS_PORT=2113 +HELIPAD_MACAROON=/mnt/hdd/app-data/lnd/data/chain/bitcoin/mainnet/admin.macaroon +HELIPAD_CERT=/mnt/hdd/app-data/lnd/tls.cert +HELIPAD_CARGO_BIN=/home/$HELIPAD_USER/.cargo/bin/cargo +HELIPAD_BIN=$HELIPAD_HOME_DIR/.cargo/bin/helipad + +# check and load raspiblitz config +# to know which network is running +source /home/admin/raspiblitz.info +source /mnt/hdd/raspiblitz.conf + +# command info +if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then + echo "config script to install, update or uninstall helipad" + echo "$0 [on|off|menu|update]" + echo "install $HELIPAD_VERSION by default" + exit 1 +fi + +############### +# MENU +############### + +# show info menu +if [ "$1" = "menu" ]; then + + # get network info + localip=$(hostname -I | awk '{print $1}') + toraddress=$(sudo cat /mnt/hdd/tor/helipad/hostname 2>/dev/null) + fingerprint=$(openssl x509 -in /mnt/hdd/app-data/nginx/tls.cert -fingerprint -noout | cut -d"=" -f2) + + if [ "${runBehindTor}" = "on" ] && [ ${#toraddress} -gt 0 ]; then + # Info with TOR + /home/admin/config.scripts/blitz.display.sh qr "${toraddress}" + whiptail --title " Helipad " --msgbox "Open in your local web browser: +http://${localip}:${HELIPAD_HTTP_PORT}\n +https://${localip}:${HELIPAD_HTTPS_PORT} with Fingerprint: +${fingerprint}\n\n +Hidden Service address for TOR Browser (see LCD for QR):\n${toraddress} +" 16 67 + /home/admin/config.scripts/blitz.display.sh hide + else + # Info without TOR + whiptail --title " Helipad " --msgbox "Open in your local web browser & accept self-signed 
cert: +http://${localip}:${HELIPAD_HTTP_PORT}\n +https://${localip}:${HELIPAD_HTTPS_PORT} with Fingerprint: +${fingerprint}\n +Use your Password B to login.\n +Activate TOR to access the web interface from outside your local network. +" 15 57 + fi + echo "please wait ..." + exit 0 +fi + +# add default value to raspi config if needed +if ! grep -Eq "^helipad=" /mnt/hdd/raspiblitz.conf; then + echo "helipad=off" >> /mnt/hdd/raspiblitz.conf +fi + +# stop services +echo "making sure services are not running" +sudo systemctl stop helipad 2>/dev/null + +############### +# SWITCH ON +############### + +#check if install exists: + +if [ "$1" = "1" ] || [ "$1" = "on" ]; then + echo "*** INSTALL HELIPAD ***" + + isInstalled=$(sudo ls /etc/systemd/system/helipad.service 2>/dev/null | grep -c 'helipad.service') + if ! [ ${isInstalled} -eq 0 ]; then + echo "Helipad already installed." + else + ############### + # INSTALL + ############### + + # create helipad user: + sudo adduser --disabled-password --gecos "" $HELIPAD_USER + + # install system dependencies: + sudo apt --assume-yes update + sudo apt --assume-yes --show-upgraded install libssl-dev libsqlite3-dev + + # install Rust dependencies: + echo "*** Installing rustup for the Helipad user ***" + curl --proto '=https' --tlsv1.2 -sSs https://sh.rustup.rs | sudo -u $HELIPAD_USER sh -s -- -y + + # download source + sudo -u $HELIPAD_USER mkdir -p $HELIPAD_BUILD_DIR + sudo rm -fR $HELIPAD_BUILD_DIR/* + wget -qO- $HELIPAD_RELEASE_URL | sudo -u $HELIPAD_USER tar -zxvf- --strip-components=1 -C $HELIPAD_BUILD_DIR + + # install helipad + sudo -u $HELIPAD_USER $HELIPAD_CARGO_BIN install --path $HELIPAD_BUILD_DIR + + ############### + # CONFIG + ############### + + # make sure helipad is member of lndadmin + sudo /usr/sbin/usermod --append --groups lndadmin $HELIPAD_USER + + # persist settings in app-data + sudo mkdir -p $HELIPAD_DATA_DIR + sudo chown $HELIPAD_USER: $HELIPAD_DATA_DIR + sudo -u $HELIPAD_USER touch $HELIPAD_DB + + 
################## + # NGINX + ################## + + # setup nginx symlinks + if ! [ -f /etc/nginx/sites-available/helipad_ssl.conf ]; then + sudo cp -f /home/admin/assets/nginx/sites-available/helipad_ssl.conf /etc/nginx/sites-available/helipad_ssl.conf + fi + if ! [ -f /etc/nginx/sites-available/helipad_tor.conf ]; then + sudo cp /home/admin/assets/nginx/sites-available/helipad_tor.conf /etc/nginx/sites-available/helipad_tor.conf + fi + if ! [ -f /etc/nginx/sites-available/helipad_tor_ssl.conf ]; then + sudo cp /home/admin/assets/nginx/sites-available/helipad_tor_ssl.conf /etc/nginx/sites-available/helipad_tor_ssl.conf + fi + sudo ln -sf /etc/nginx/sites-available/helipad_ssl.conf /etc/nginx/sites-enabled/ + sudo ln -sf /etc/nginx/sites-available/helipad_tor.conf /etc/nginx/sites-enabled/ + sudo ln -sf /etc/nginx/sites-available/helipad_tor_ssl.conf /etc/nginx/sites-enabled/ + sudo nginx -t + sudo systemctl reload nginx + + ################# + # FIREWALL + ################# + # open the firewall + echo "*** Updating Firewall ***" + sudo ufw allow from any to any port $HELIPAD_HTTP_PORT comment 'allow Helipad HTTP' + sudo ufw allow from any to any port $HELIPAD_HTTPS_PORT comment 'allow Helipad HTTPS' + echo "" + + ################## + # SYSTEMD SERVICE + ################## + + echo "# Install Helipad systemd for ${network} on ${chain}" + echo " +# Systemd unit for Helipad +# /etc/systemd/system/helipad.service +[Unit] +Description=Helipad daemon +Wants=lnd.service +After=lnd.service +[Service] +WorkingDirectory=$HELIPAD_BUILD_DIR/ +ExecStart=$HELIPAD_BIN $HELIPAD_HTTP_PORT +User=$HELIPAD_USER +Restart=always +TimeoutSec=120 +RestartSec=30 +Environment="LND_TLSCERT=$HELIPAD_CERT" +Environment="LND_ADMINMACAROON=$HELIPAD_MACAROON" +Environment="HELIPAD_DATABASE_DIR=$HELIPAD_DB" +[Install] +WantedBy=multi-user.target +" | sudo tee /etc/systemd/system/helipad.service + + sudo systemctl enable helipad + + # setting value in raspiblitz config + sudo sed -i 
"s/^helipad=.*/helipad=on/g" /mnt/hdd/raspiblitz.conf + + # Hidden Service for Helipad if Tor is active + if [ "${runBehindTor}" = "on" ]; then + # make sure to keep in sync with internet.tor.sh script + /home/admin/config.scripts/internet.hiddenservice.sh helipad 80 $HELIPAD_HTTP_PORT 443 $HELIPAD_HTTPS_PORT + fi + + source /home/admin/raspiblitz.info + if [ "${state}" == "ready" ]; then + echo "# OK - the helipad.service is enabled, system is ready so starting service" + sudo systemctl start helipad + else + echo "# OK - the helipad.service is enabled, to start manually use: 'sudo systemctl start helipad'" + fi + + fi + exit 0 +fi + +# update +if [ "$1" = "update" ]; then + echo "# Updating Helipad" + + # Remove Helipad, keeping database + /home/admin/config.scripts/bonus.helipad.sh off --keep-data + + # Reinstall Helilpad w/ existing database + /home/admin/config.scripts/bonus.helipad.sh on + + exit 0 +fi + +# switch off +if [ "$1" = "0" ] || [ "$1" = "off" ]; then + + # Keep or delete Helipad database? + deleteData=0 + if [ "$2" = "--delete-data" ]; then + deleteData=1 + elif [ "$2" = "--keep-data" ]; then + deleteData=0 + else + if (whiptail --title " DELETE HELIPAD DATABASE? " --yesno "Do you want to delete\nthe Helipad database?" 
8 30); then + deleteData=1 + else + deleteData=0 + fi + fi + echo "# deleteData(${deleteData})" + echo "*** REMOVING HELIPAD ***" + # remove systemd service + sudo systemctl disable helipad + sudo rm -f /etc/systemd/system/helipad.service + sudo rm -fR $HELIPAD_BUILD_DIR + if [ ${deleteData} -eq 1 ]; then + echo "# deleting Helipad database" + sudo rm -fR $HELIPAD_DATA_DIR + else + echo "# keeping Helipad database" + fi + # delete user and home directory + sudo userdel -rf $HELIPAD_USER + # close ports on firewall + sudo ufw deny $HELIPAD_HTTP_PORT + sudo ufw deny $HELIPAD_HTTPS_PORT + + # remove nginx symlinks + sudo rm -f /etc/nginx/sites-enabled/helipad_ssl.conf + sudo rm -f /etc/nginx/sites-enabled/helipad_tor.conf + sudo rm -f /etc/nginx/sites-enabled/helipad_tor_ssl.conf + sudo rm -f /etc/nginx/sites-available/helipad_ssl.conf + sudo rm -f /etc/nginx/sites-available/helipad_tor.conf + sudo rm -f /etc/nginx/sites-available/helipad_tor_ssl.conf + sudo nginx -t + sudo systemctl reload nginx + + # Hidden Service if Tor is active + if [ "${runBehindTor}" = "on" ]; then + /home/admin/config.scripts/internet.hiddenservice.sh off helipad + fi + + echo "OK Helipad removed." + + # setting value in raspi blitz config + sudo sed -i "s/^helipad=.*/helipad=off/g" /mnt/hdd/raspiblitz.conf + + exit 0 +fi \ No newline at end of file diff --git a/home.admin/config.scripts/tor.network.sh b/home.admin/config.scripts/tor.network.sh index 530f24a7f..ed38b8293 100755 --- a/home.admin/config.scripts/tor.network.sh +++ b/home.admin/config.scripts/tor.network.sh @@ -126,6 +126,9 @@ case "$1" in toraddress=$(sudo cat /mnt/hdd/tor/sphinxrelay/hostname 2>/dev/null) sudo -u sphinxrelay bash -c "echo '${toraddress}' > /home/sphinxrelay/sphinx-relay/dist/toraddress.txt" fi + if [ "${helipad}" = "on" ]; then + /home/admin/config.scripts/internet.hiddenservice.sh helipad 2112 2113 + fi echo "Setup logrotate" # add logrotate config for modified Tor dir on ext. disk
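Review bot: The install branch of `bonus.helipad.sh` builds and runs code that is never verified. Both `curl ... https://sh.rustup.rs | sudo -u $HELIPAD_USER sh -s -- -y` and `wget -qO- $HELIPAD_RELEASE_URL | sudo -u $HELIPAD_USER tar ...` stream from the network straight into execution or the build directory, with no checksum or signature check. The resulting binary is started with `LND_ADMINMACAROON` and its user is added to `lndadmin`, so a tampered download would act with full authority over the node's wallet. I would download the tarball to a file, compare it against a SHA-256 pinned next to `HELIPAD_VERSION`, and only then unpack it, as sketched below; the rustup installer deserves the same treatment. Whether Helipad could run with a narrower macaroon than admin cannot be told from this diff, but it is worth checking.

```shell
HELIPAD_RELEASE_SHA256="<PLACEHOLDER: sha256 of the $HELIPAD_VERSION source tarball>"
# … unchanged: user creation, apt dependencies, rustup …
  # download source to a file, verify it, and only then unpack
  sudo -u $HELIPAD_USER mkdir -p $HELIPAD_BUILD_DIR
  sudo rm -fR $HELIPAD_BUILD_DIR/*
  tarball=$(sudo -u $HELIPAD_USER mktemp) || exit 1
  sudo -u $HELIPAD_USER wget -qO "${tarball}" "$HELIPAD_RELEASE_URL" || exit 1
  if ! echo "${HELIPAD_RELEASE_SHA256}  ${tarball}" | sudo -u $HELIPAD_USER sha256sum --check --status; then
    echo "error='Helipad tarball checksum mismatch'"
    sudo rm -f "${tarball}"
    exit 1
  fi
  sudo -u $HELIPAD_USER tar -zxf "${tarball}" --strip-components=1 -C $HELIPAD_BUILD_DIR
  sudo rm -f "${tarball}"
# … unchanged: cargo install --path $HELIPAD_BUILD_DIR …
```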
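Review bot: The hidden-service call added to `tor.network.sh` passes different arguments from the one in the install script. Here it is `internet.hiddenservice.sh helipad 2112 2113`, while `bonus.helipad.sh on` calls it with `helipad 80 $HELIPAD_HTTP_PORT 443 $HELIPAD_HTTPS_PORT`, under a comment asking to keep the two in sync. `internet.hiddenservice.sh` is not visible here, but if its arguments are onion-port/local-port pairs, this call would publish onion port 2112 forwarding to 2113 and drop the 80/443 mapping after a Tor rebuild. Suggested line: `/home/admin/config.scripts/internet.hiddenservice.sh helipad 80 2112 443 2113`. Neither call targets the `helipad_tor*.conf` listeners on 2114/2115, so it is worth confirming which upstream the onion is meant to reach. The enclosing `case` arm starts outside this hunk.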